Cyber Security and Leadership Solutions

James Risler Manager – Security Content Development MBA, CISSP #456200, CCIE# 15412 [email protected]

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 • The “Why” • Trends • Threat Landscape • Examples of Cyber Attacks • Business Challenge • People Problem • Recommendations • Conclusion & Q&A

Anthem Home Depot JP Morgan Adobe Target Univ. of MD Neiman Marcus TJ Maxx Sony Zappos LinkedIn Citigroup Florida Courts

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

• Over 15% of attacks are targeted at financial institutions • Attacks include : DDoS Spyware Ransomware Mobile devices SPAM Web Exploits

• Source : IDC ™

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 • 2008 – 100 Million Credit and debit card numbers stolen by spyware from Heartland Payment Systems • 2014 – 76 Million household accounts and 7 million SMB accounts compromised at JP Morgan Chase • 2015 - DDoS attack launched on OP-Pohjola and Danske Bank • ... And more : European Central Bank extortion attempt Multi-bank attack by Eurograbber

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Threat Landscape is Evolving… Reputation Enterpris Antivirus IDS/IPS Intelligence (Global) e (Host- (Network and and Response Based) Perimeter) Analytics Sandboxing (Cloud)

Spyware Increased APT’S Attack and Cyberwar Worms Rootkits Surface

2000 2005 2010 Tomorrow

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Missed by Point-in-time 100 percent of companies surveyedDetection by Cisco have connections to domains that are known to host malicious files or services. (2014 CASR) It is a Community that hides in plain sight

Phishing, Spam Patching, new Unknown code Malvertising vulnerabilities exploits

Untrustworthy sources

Clickfraud and Adware 10%vs 64%

IE requests Chrome requests Outdated browsers running latest running latest version version

2015 Cisco Annual Security Report Sophisticated Attacks, Complex Landscape

Hacking Becomes an Industry

Phishing, Low Sophistication

Botnets ILOVEYOU Nimda Tedroo Aurora Melissa SQL Slammer Rustock Shady Rat Anna Kournikova Conficker Conficker v2 Duqu 1990 1995 2000 2005 2010 2015 2020

Viruses Worms Spyware and Rootkits APTs Cyberware 1990–2000 2000–2005 2005–Today Today +

Exploits Mobile Malware $100k-$300K $150 Spam Credit $50/500K emails Social Card Data Security $0.25−$60 $1 Medical Global Record Cybercrime >$50 Market: DDoS $ $450B-$1T Facebook Account Malware $1 for an account Bank Account Info Development with 15 friends DDoS >$1000 $2500 as a Service depending on account (commercial malware) ~$7/hour type and balance

Welcome to the Hackers’ Economy

Source: CNBC Impact of a Breach

Breach occurs data in of breaches remain Information of up to breaches is stolen in undiscovered for individuals on the black market over last three

START HOURS MONTHS YEARS

Source: Verizon Data Breach Report 2014 Examples of Cyber Attacks • 4 Key South Korean Targets Phishing against Hyundai Merchant Marine • Infecting Systems Trojan Dropper – DLL library against Windows 7 • Install Spying Modules Key Stroke Logger, Directory Listing, Remote Control & Execution, Remote Control Access • Disable Firewall • Communication Command and control Bot done through a Bulgarian web-based free email server • Regular Reporting and RC4 Encryption and Exporting of Data

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 1. Phish HVAC Vendor Steal credentials – Target hosted web server

2. Scan Network – Determine HVAC vendor access shared web server

1. Upload PHP Script to Web Server – Vulnerability in Application

1. Control of Webserver – Scan for relevant targets for propagation (MSSQLSvc/Billing)

1. Attack Microsoft AD Domain – Steal access tokens on Webserver (Pass-the-hash)

7. Propagate to relevant computers (“Angry IP Scanner”) by pass security solutions (Tunneling with PsExec’s)

7. Attack SQL Server – Steal 70 Million PII records (no credit cards because PCI compliant) • Osql.exe • Isql.exe • Bcp.exe

10.Send stolen Credit Card info to network share (FTP transfer)

10.Upload Credit Card information to FTP site

Dynamic Boardroom Threats Engagement

Defenders

Complex Misaligned Geopolitics Policies

• Zeus, Phishing, Mules • Traditional Signature • Rapid Growth of Regulatory Enforcement less Effective Requirements: PCI, HIPAA, • Targeted Attacks for Profit Influx of Mobile Devices, BYOD NERC CIP, FISMA, SOX, ISO • Advanced Persistent • Dual Profiles—Personal and • Legal Liabilities Drive Internal Threats (APT) Corporate Requirements • Cyber and Economic • Access Policy Inconsistent, • Little to No Guidance On How Espionage Difficult to Maintain to Meet New Standards

Security Breaches are Costly

Security is the #1 Issue for Your Customers

Protect Now the Value You Intend to Create Tomorrow

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23 Summary Cisco 2015 Annual Security Report Key Findings • Lack of Security Leadership in Small companies (only 22 percent respondents see security has high priority) • Gap between CISO and SecOp Manager in terms of confidence • Less than 50% of respondents use following tools: • Identity Administrator or user provisioning • Patching and configuration • Penetration testing or Endpoint Forensics • Vulnerability scanning • Only 40% of companies do Correlated event/log analysis Solution • New approaches to Security through alignment with People, Process and Technology

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 • “Caught in the middle are the users. But now, it appears they not only are the targets, but also the complicit enablers of attacks.” • “Users’ careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure” • People are part corporate system Solution • Training Programs • Leadership from Executives on down

BEFORE DURING AFTER Discover Detect Scope Enforce Block Contain Harden Defend Remediate

Monitoring Identification Impact Mitigation

Visibility and Context Mission Critical Business Systems and Solutions

Policies, Process Response Policy Communication and People and Strategy

• 3 Distinct Layers with seven discret focus area 1. Strategy – Define, document, and publish 2. Operational – develop operational standards, process, and proceedures 3. Tactical – implement security controls and monitoring with defined metrics

• Critical – Executive Sponsorship

• Plane for … Before During and After the Attack What is the critical components of the business? Have you done a risk assessment? Use existing business cases (Target, Home Depot, etc) How will the board respond to a Cyber attack?

• Business Leaders must drive security

• Business Challenge - Tools, Process, and People

• Cybersecurity Framework is critical

Verizon 2015 Data Breach Investigation Report http://www.verizonenterprise.com/DBIR/

Thank You http://www.cisco.com/c/dam/en/us/products/collateral/security/cyber security-management-programs.pdf http://www.datacenterdynamics.com/security/ciscos-2015-security- report-its-a-people-problem/94536.fullarticle